CVE-2022-40315

moderate-risk

Published 2022-09-30

A limited SQL injection risk was identified in the "browse list of users" site administration page.

Do I need to act?

0.71% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Fix available

Upgrade to: 33e9b8c3944731e646296d53e71932bed65d2f9e, 54b614ca7e6d23063dc88235a574c4de45f85224, 8febbe39733645a1aeb55f22d2adfb8d66dfc50d

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Moodle

Extra Packages For Enterprise Linux

Fedora

Moodle Fedoraproject

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2128150

Patch https://moodle.org/mod/forum/discuss.php?d=438394

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2128150

Patch https://moodle.org/mod/forum/discuss.php?d=438394

/ 100

moderate-risk

Severity 32/34 · Critical

Exploitability 2/34 · Minimal

Exposure 10/34 · Low